High severity · OSV Advisory · Published Apr 5, 2019 · Updated Aug 4, 2024
CVE-2019-10874
Description
Cross Site Request Forgery (CSRF) in the bolt/upload File Upload feature in Bolt CMS 3.6.6 allows remote attackers to execute arbitrary code by uploading a JavaScript file to include executable extensions in the file/edit/config/config.yml configuration file.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| bolt/bolt (Packagist) | >= 3.6.6, < 3.6.7 | 3.6.7 |
References
- www.exploit-db.com/exploits/46664/ (mitre: exploit, x_refsource_EXPLOIT-DB)
- github.com/advisories/GHSA-3g6c-88pf-m46f (ghsa: ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2019-10874 (ghsa: ADVISORY)
- packetstormsecurity.com/files/152429/Bolt-CMS-3.6.6-Cross-Site-Request-Forgery-Code-Execution.html (ghsa: x_refsource_MISC, WEB)
- fgsec.net/from-csrf-to-rce-bolt-cms (ghsa: WEB)
- fgsec.net/from-csrf-to-rce-bolt-cms/ (mitre: x_refsource_MISC)
- github.com/bolt/bolt/pull/7768/commits/91187aef36363a870d60b0a3c1bf8507af34c9e4 (ghsa: x_refsource_MISC, WEB)
- www.exploit-db.com/exploits/46664 (ghsa: WEB)